Coursera · Coursera Privacy Notice · View original document ↗

Cross-Border Data Transfers

Medium severity Medium confidence Explicitdocumentlanguage Common · 84 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Recent governance activity Coursera recorded 2 documented changes in the last 30 days.
Start monitoring updates
Monitor governance changes for Coursera Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

Your personal data is stored and processed in the United States, even if you are in a country with stronger privacy laws such as those in the EU or UK.

This analysis describes what Coursera's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

EU, UK, and other non-U.S. users should be aware that their data is transferred to a jurisdiction with a different legal framework, and the adequacy of transfer mechanisms is a material compliance consideration.

Interpretive note: The specific transfer mechanism (SCCs, DPF, or other) is not identified in the document, creating uncertainty about the legal basis for EU/UK to U.S. transfers.

Recent Activity

This document changed recently

Medium May 11, 2026

The updated terms now explicitly disclose that Coursera processes communications through voice-enabled features that transcribe audio into text, and clarify that personal data may be shared with third parties including affiliates and business partners. The policy expands descriptions of AI-driven personalization and chatbot applications that use your learning and interaction data. The terms establish that data may be transferred to entities that become Coursera affiliates or subsidiaries during business transitions. You should review the updated guidance that cautions against including unnecessary or sensitive personal data in the platform's free-text and voice-enabled communication features.

View change record →
Medium Apr 18, 2026

The updated Privacy Notice removes explicit language stating that the policy does not apply to Coursera's Ollie mobile application and no longer directs users to a separate Ollie Privacy Notice for that app. Previously, users of Ollie had clear notice to consult a dedicated privacy policy; that direction is now absent from the main Privacy Notice. The updated notice also narrows the scope of covered entities by removing 'affiliates' from the definition of Coursera, stating the policy now applies to Coursera, Inc., its subsidiaries, and international branches only. Users of the Ollie App should independently verify what privacy terms currently govern that application, as the main Coursera Privacy Notice no longer explicitly addresses Ollie coverage.

View change record →

Consumer impact (what this means for users)

Non-U.S. users' personal data is transferred to and processed in the United States, which may involve reduced statutory protections compared to their home jurisdiction, depending on the transfer mechanism Coursera employs.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    EU and UK users who wish to exercise rights related to cross-border data transfers, including requesting deletion of personal data held in the U.S., can submit a request to privacy@coursera.org.

How other platforms handle this

Grindr Medium

Your personal information may be transferred to, stored, and processed in the United States or other countries outside of your country of residence, which may have data protection laws that are different from those in your country.

Peloton Medium

Your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers and partners operate. By using our Services, you acknowledge that your personal information may be transferred to countries outside your country of residence, in...

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

See all platforms with this clause type →

Monitoring

Coursera has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
Coursera is a U.S.-based company and your personal data will be processed in the United States. If you are located outside the United States, the data protection laws of the United States may differ from those in your country.

— Excerpt from Coursera's Coursera Privacy Notice

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: This provision engages GDPR Chapter V (international data transfers), the UK GDPR equivalent transfer rules, and any applicable adequacy decisions or standard contractual clauses (SCCs) required to legitimize transfers from the EU/EEA and UK to the U.S. The EU-U.S. Data Privacy Framework (DPF) may be relevant if Coursera is certified. EU supervisory authorities and the UK ICO are the primary enforcement bodies. GOVERNANCE EXPOSURE: Medium. The notice acknowledges the transfer but does not specify the transfer mechanism employed (SCCs, DPF certification, or binding corporate rules). Absence of explicit mechanism disclosure may create transparency gaps under GDPR Articles 13 and 14, which require disclosure of the transfer safeguards at the time of data collection. JURISDICTION FLAGS: EU/EEA and UK users face heightened exposure if the transfer mechanism is not current or adequately documented. Following the Schrems II ruling and subsequent developments, reliance on SCCs requires a transfer impact assessment. Organizations in the EU and UK that use Coursera as a vendor should verify current transfer mechanism documentation. CONTRACT AND VENDOR IMPLICATIONS: Enterprise clients in the EU or UK should request and review Coursera's current data transfer mechanism documentation, including SCCs or DPF certification status, as part of vendor due diligence. Data processing agreements should specify the legal basis for international transfers. COMPLIANCE CONSIDERATIONS: Legal teams should confirm whether Coursera maintains current SCCs or DPF certification, request transfer impact assessments where required, and ensure that data processing agreements with Coursera reflect the current state of international transfer law.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Get Monitor

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has enforcement authority over U.S. companies' compliance with international data transfer frameworks including the EU-U.S. Data Privacy Framework.
    File a complaint →

Applicable regulations

EU AI Act
European Union
CCPA/CPRA
California, USA
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FTC Act Section 5
United States Federal
GDPR
European Union
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
UK GDPR
United Kingdom
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
Coursera Privacy Notice
Entity
Coursera
Document last updated
May 5, 2026
Tracking information
First tracked
May 10, 2026
Last verified
May 10, 2026
Record ID
CA-P-006203
Document ID
CA-D-00158
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
59834b4e08e538f4b11e3db8b297dc7b75811100ba60ce40b60950ff40b3b3a6
Analysis generated
May 10, 2026 18:17 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Coursera
Document: Coursera Privacy Notice
Record ID: CA-P-006203
Captured: 2026-05-10 18:17:25 UTC
SHA-256: 59834b4e08e538f4…
URL: https://conductatlas.com/platform/coursera/coursera-privacy-notice/cross-border-data-transfers/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Get Compliance

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Coursera's Cross-Border Data Transfers clause do?

EU, UK, and other non-U.S. users should be aware that their data is transferred to a jurisdiction with a different legal framework, and the adequacy of transfer mechanisms is a material compliance consideration.

How does this clause affect you?

Non-U.S. users' personal data is transferred to and processed in the United States, which may involve reduced statutory protections compared to their home jurisdiction, depending on the transfer mechanism Coursera employs.

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 84 platforms. See the full comparison.

Is ConductAtlas affiliated with Coursera?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Coursera.